PIX 7.0 VPN users accessing DMZ Servers with IP Static NAT to Inside

Another issue I have with Cisco PIX 7.0.

I have a server connecting to the PIX DMZ interface with the IP of This server is translated to an Inside IP and to an Outside internet routable IP.

When VPN users connect from outside, they want to access the DMZ server via the IP not the 172 IP.

They are able to connect to any host on the inside but unable to connect to the translated IP.

This is the static statement.
static (dmz,inside) netmask

My Networks
Inside :
VPN Pool :

I posted this question at Cisco NetPro forum, and I got this reply,

“static (dmz,inside) netmask

as the command sugguested, the translation is between the dmz and the inside interfaces. it only works when the packet originated from the inside, not the vpn clinet from the outside.”

So I concluded that the VPN clients are connecting from the outside interface and the static command i used is only for host on the inside interface.

I still wondering is there a way of writing my ACL, traffic from outside to dmz have a different translation but I have already translated dmz to outside with another static command. So… help?